aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--dev-lang/python/Manifest2
-rw-r--r--dev-lang/python/files/3.4-getentropy-linux.patch40
-rw-r--r--dev-lang/python/files/3.6-disable-nis.patch25
-rw-r--r--dev-lang/python/files/python-3.4.10-openssl11.patch894
-rw-r--r--dev-lang/python/files/python-3.4.5-cross.patch11
-rw-r--r--dev-lang/python/files/python-3.5.5-hash-unaligned.patch48
-rw-r--r--dev-lang/python/python-3.4.10.ebuild173
7 files changed, 80 insertions, 1113 deletions
diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest
index 39ffe3c..17ea2a0 100644
--- a/dev-lang/python/Manifest
+++ b/dev-lang/python/Manifest
@@ -3,5 +3,5 @@ DIST Python-3.2.6.tar.xz 9243292 SHA256 1d12b501819fd26afafbf8459be1aa279b56f032
DIST Python-3.3.5.tar.xz 12116308 SHA256 abe99b484434503d8b23be0f243ec27139e743a4798cd71c1dce3cf40e63b6e5 SHA512 562ebd85291f29ff18d37f05682763fc45aa9d070688006f4ef5c89392a48022357c3ca9ee1d795e9e863bdef413e6bab77b8d65581d374a76dbe7cacec65550 WHIRLPOOL f4b6010d32b28b7bb038cbb7c5f98d325cc4253fd1be9a0a1089ed6fd7dd414c5169931d21ef819137d5c1084517a650828f260cf2a1d8ce871bc67aeef3fff8
DIST Python-3.4.10.tar.xz 14559088 SHA256 d46a8f6fe91679e199c671b1b0a30aaf172d2acb5bcab25beb35f16c3d195b4e SHA512 d5d27d68049b61f135e21b12a800dbd4fc521d6935de178de6e2e88a989cda511d3c8fead90d14e38d2db0e528a74b22674e0da01c51ff4fad7d335ec6c3dbbc WHIRLPOOL 84608931cd785eddd234d207be2caa273575067d7687a0ed05217e2f2ae410da684fcf5ed65cfa17dd8eda082844bb4067cdcb4a277ceb20845ffa9f3baa6f58
DIST Python-3.5.9.tar.xz 15388876 SHA256 c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 SHA512 58127793adef42ed57ae4d56338268866e14c2d084f09f57f26fc6b1c9454e70cc6d3dffc638f8d56f182acc0884021a4dbb578f312dd6fc01995fa85e31377e WHIRLPOOL 16f4a6938ed1004cbb10a9b60621d70f8e52a36771fbb55cf5fb3211ad98daa2c9cf181789c226d51c4f65cefce056dfff73031f61c1ce35e96e24bd2db186b3
-DIST python-gentoo-patches-3.4.6-0.tar.xz 11728 SHA256 93e7c8487deefc36c612403fb6c82e495c46846a1952f9ed85f82af41840be4a SHA512 41c22dc8f1db8800fc0b97eed2b27bf1873e5de1369bd4aecf7a7a91e609a78e45a4b56fc89d575317f33a7704c0c1cad1494e8a993415a198f256e8338f49ab WHIRLPOOL 851945e7ccea985a88bcbd71bc404bc34c27a0e335386e9ed15fa9876aab3285ff559936fb2dcadf7ac0594a7cb03ac3a9e4135b67b350c5fdf33e9a44ca0654
+DIST python-gentoo-patches-3.4.10.tar.xz 21340 SHA256 12d291ac445fe76bcb5e391de7f88308b2509a27e05b7559c6a1a6636b0f74c5 SHA512 27ee476c080a0d1c012ef5d3d8325db6e697e1c3d9611f0337668f3660a50e50e6529bd0fd8b3b5b6030c9be8f8a86d95fa59bc27085ce7d18a7e0b50afe9f4b WHIRLPOOL 81cd55b8696026a8832ae1e89f2ff137ff1b20c5d675a148b4a1e3bd761d938c5a67e36284377cfa4850381f4f3c451f4d7dbc309dbd0390ecdc62c6edcd1f25
DIST python-gentoo-patches-3.5.9.tar.xz 13548 SHA256 97d1252935e398a31ed3634f50b70ed17b38bd8c5ea10fad601912ca58fdee5f SHA512 def5435a315e58d3794d8bce8fb04105a36ff37bd90a437cf7588a0c0ec8d420af5b68009ab153823286e71e52056e12a0eba4dc4d958eeb8d6b914b24f0de81 WHIRLPOOL 139ffbd3aa2ca349f1b8254d7326942111b448d2b2c8649a37550fb1f5095fed488c0a2748120a8b39b514502b25ac9fcc9bf2130da7927e19d11e8fd649ade8
diff --git a/dev-lang/python/files/3.4-getentropy-linux.patch b/dev-lang/python/files/3.4-getentropy-linux.patch
deleted file mode 100644
index 9f12389..0000000
--- a/dev-lang/python/files/3.4-getentropy-linux.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 5635d44079e1bbd9c495951ede8d078e7b8d67d5 Mon Sep 17 00:00:00 2001
-From: Victor Stinner <victor.stinner@gmail.com>
-Date: Mon, 9 Jan 2017 11:10:41 +0100
-Subject: [PATCH] Don't use getentropy() on Linux
-
-Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
-read from /dev/urandom to get random bytes, for example in os.urandom(). On
-Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
-os.urandom() should not block.
----
- Python/random.c | 13 ++++++++++---
- 1 file changed, 10 insertions(+), 3 deletions(-)
-
-diff --git a/Python/random.c b/Python/random.c
-index af3d0bd0d5..dc6400d3b8 100644
---- a/Python/random.c
-+++ b/Python/random.c
-@@ -67,9 +67,16 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
- return 0;
- }
-
--/* Issue #25003: Don' use getentropy() on Solaris (available since
-- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
--#elif defined(HAVE_GETENTROPY) && !defined(sun)
-+/* Issue #25003: Don't use getentropy() on Solaris (available since
-+ Solaris 11.3), it is blocking whereas os.urandom() should not block.
-+
-+ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
-+ implements it with the getrandom() syscall which can fail with ENOSYS,
-+ and this error is not supported in py_getentropy() and getrandom() is called
-+ with flags=0 which blocks until system urandom is initialized, which is not
-+ the desired behaviour to seed the Python hash secret nor for os.urandom():
-+ see the PEP 524 which was only implemented in Python 3.6. */
-+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
- #define PY_GETENTROPY 1
-
- /* Fill buffer with size pseudo-random bytes generated by getentropy().
---
-2.15.0.rc2
-
diff --git a/dev-lang/python/files/3.6-disable-nis.patch b/dev-lang/python/files/3.6-disable-nis.patch
deleted file mode 100644
index ccfb890..0000000
--- a/dev-lang/python/files/3.6-disable-nis.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 2ed81ae3d36c2e0dd709240169fdccd6b3cd1a27 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Wed, 4 Jul 2018 11:39:21 -0400
-Subject: [PATCH 7/8] Disable nis
---- a/setup.py
-+++ b/setup.py
-@@ -1332,17 +1332,7 @@ class PyBuildExt(build_ext):
- # Jeremy Hylton's rlimit interface
- exts.append( Extension('resource', ['resource.c']) )
-
-- # Sun yellow pages. Some systems have the functions in libc.
-- if (host_platform not in ['cygwin', 'qnx6'] and
-- find_file('rpcsvc/yp_prot.h', inc_dirs, []) is not None):
-- if (self.compiler.find_library_file(lib_dirs, 'nsl')):
-- libs = ['nsl']
-- else:
-- libs = []
-- exts.append( Extension('nis', ['nismodule.c'],
-- libraries = libs) )
-- else:
-- missing.append('nis')
-+ missing.append('nis')
- else:
- missing.extend(['nis', 'resource', 'termios'])
-
diff --git a/dev-lang/python/files/python-3.4.10-openssl11.patch b/dev-lang/python/files/python-3.4.10-openssl11.patch
deleted file mode 100644
index f5fe537..0000000
--- a/dev-lang/python/files/python-3.4.10-openssl11.patch
+++ /dev/null
@@ -1,894 +0,0 @@
-From 9c7a4d7baebfa84c2fa2deff7417871d96f714f2 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Mon, 5 Sep 2016 23:19:05 +0200
-Subject: [PATCH] Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.
-
-(rebased for 3.4.10)
----
- Lib/ssl.py | 15 ++--
- Lib/test/test_ssl.py | 27 +++---
- Modules/_hashopenssl.c | 167 +++++++++++++++++++++++--------------
- Modules/_ssl.c | 184 +++++++++++++++++++++++++++++++----------
- 4 files changed, 271 insertions(+), 122 deletions(-)
-
-diff --git a/Lib/ssl.py b/Lib/ssl.py
-index 873aa4798b..359809a020 100644
---- a/Lib/ssl.py
-+++ b/Lib/ssl.py
-@@ -51,6 +51,7 @@ The following constants identify various SSL protocol variants:
- PROTOCOL_SSLv2
- PROTOCOL_SSLv3
- PROTOCOL_SSLv23
-+PROTOCOL_TLS
- PROTOCOL_TLSv1
- PROTOCOL_TLSv1_1
- PROTOCOL_TLSv1_2
-@@ -348,13 +349,13 @@ class SSLContext(_SSLContext):
- __slots__ = ('protocol', '__weakref__')
- _windows_cert_stores = ("CA", "ROOT")
-
-- def __new__(cls, protocol, *args, **kwargs):
-+ def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs):
- self = _SSLContext.__new__(cls, protocol)
- if protocol != _SSLv2_IF_EXISTS:
- self.set_ciphers(_DEFAULT_CIPHERS)
- return self
-
-- def __init__(self, protocol):
-+ def __init__(self, protocol=PROTOCOL_TLS):
- self.protocol = protocol
-
- def wrap_socket(self, sock, server_side=False,
-@@ -408,7 +409,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
- if not isinstance(purpose, _ASN1Object):
- raise TypeError(purpose)
-
-- context = SSLContext(PROTOCOL_SSLv23)
-+ context = SSLContext(PROTOCOL_TLS)
-
- # SSLv2 considered harmful.
- context.options |= OP_NO_SSLv2
-@@ -445,7 +446,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
- context.load_default_certs(purpose)
- return context
-
--def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
-+def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=None,
- check_hostname=False, purpose=Purpose.SERVER_AUTH,
- certfile=None, keyfile=None,
- cafile=None, capath=None, cadata=None):
-@@ -501,7 +502,7 @@ class SSLSocket(socket):
-
- def __init__(self, sock=None, keyfile=None, certfile=None,
- server_side=False, cert_reqs=CERT_NONE,
-- ssl_version=PROTOCOL_SSLv23, ca_certs=None,
-+ ssl_version=PROTOCOL_TLS, ca_certs=None,
- do_handshake_on_connect=True,
- family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None,
- suppress_ragged_eofs=True, npn_protocols=None, ciphers=None,
-@@ -883,7 +884,7 @@ class SSLSocket(socket):
-
- def wrap_socket(sock, keyfile=None, certfile=None,
- server_side=False, cert_reqs=CERT_NONE,
-- ssl_version=PROTOCOL_SSLv23, ca_certs=None,
-+ ssl_version=PROTOCOL_TLS, ca_certs=None,
- do_handshake_on_connect=True,
- suppress_ragged_eofs=True,
- ciphers=None):
-@@ -930,7 +931,7 @@ def PEM_cert_to_DER_cert(pem_cert_string):
- d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
- return base64.decodebytes(d.encode('ASCII', 'strict'))
-
--def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
-+def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None):
- """Retrieve the certificate from the server at the specified address,
- and return it as a PEM-encoded string.
- If 'ca_certs' is specified, validate the server cert against it.
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index e36a309bfa..b663a04aa2 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -23,6 +23,9 @@ ssl = support.import_module("ssl")
-
- PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
- HOST = support.HOST
-+IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
-+IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
-+
-
- def data_file(*name):
- return os.path.join(os.path.dirname(__file__), *name)
-@@ -318,9 +321,9 @@ class BasicSocketTests(unittest.TestCase):
- self.assertGreaterEqual(status, 0)
- self.assertLessEqual(status, 15)
- # Version string as returned by {Open,Libre}SSL, the format might change
-- if "LibreSSL" in s:
-- self.assertTrue(s.startswith("LibreSSL {:d}.{:d}".format(major, minor)),
-- (s, t))
-+ if IS_LIBRESSL:
-+ self.assertTrue(s.startswith("LibreSSL {:d}".format(major)),
-+ (s, t, hex(n)))
- else:
- self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)),
- (s, t))
-@@ -677,7 +680,8 @@ class ContextTests(unittest.TestCase):
- def test_constructor(self):
- for protocol in PROTOCOLS:
- ssl.SSLContext(protocol)
-- self.assertRaises(TypeError, ssl.SSLContext)
-+ ctx = ssl.SSLContext()
-+ self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
- self.assertRaises(ValueError, ssl.SSLContext, -1)
- self.assertRaises(ValueError, ssl.SSLContext, 42)
-
-@@ -698,15 +702,15 @@ class ContextTests(unittest.TestCase):
- def test_options(self):
- ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
- # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
-- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3,
-- ctx.options)
-+ default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
-+ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0):
-+ default |= ssl.OP_NO_COMPRESSION
-+ self.assertEqual(default, ctx.options)
- ctx.options |= ssl.OP_NO_TLSv1
-- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1,
-- ctx.options)
-+ self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
- if can_clear_options():
-- ctx.options = (ctx.options & ~ssl.OP_NO_SSLv2) | ssl.OP_NO_TLSv1
-- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_TLSv1 | ssl.OP_NO_SSLv3,
-- ctx.options)
-+ ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1)
-+ self.assertEqual(default, ctx.options)
- ctx.options = 0
- # Ubuntu has OP_NO_SSLv3 forced on by default
- self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3)
-@@ -1042,6 +1046,7 @@ class ContextTests(unittest.TestCase):
- self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH')
-
- @unittest.skipIf(sys.platform == "win32", "not-Windows specific")
-+ @unittest.skipIf(IS_LIBRESSL, "LibreSSL doesn't support env vars")
- def test_load_default_certs_env(self):
- ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
- with support.EnvironmentVarGuard() as env:
-diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
-index 5b0a7be12b..86a8950588 100644
---- a/Modules/_hashopenssl.c
-+++ b/Modules/_hashopenssl.c
-@@ -20,7 +20,6 @@
-
- /* EVP is the preferred interface to hashing in OpenSSL */
- #include <openssl/evp.h>
--#include <openssl/hmac.h>
- /* We use the object interface to discover what hashes OpenSSL supports. */
- #include <openssl/objects.h>
- #include "openssl/err.h"
-@@ -31,15 +30,22 @@
- #define HASH_OBJ_CONSTRUCTOR 0
- #endif
-
--/* Minimum OpenSSL version needed to support sha224 and higher. */
--#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x00908000)
--#define _OPENSSL_SUPPORTS_SHA2
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-+/* OpenSSL < 1.1.0 */
-+#define EVP_MD_CTX_new EVP_MD_CTX_create
-+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
-+#define HAS_FAST_PKCS5_PBKDF2_HMAC 0
-+#include <openssl/hmac.h>
-+#else
-+/* OpenSSL >= 1.1.0 */
-+#define HAS_FAST_PKCS5_PBKDF2_HMAC 1
- #endif
-
-+
- typedef struct {
- PyObject_HEAD
- PyObject *name; /* name of this hash algorithm */
-- EVP_MD_CTX ctx; /* OpenSSL message digest context */
-+ EVP_MD_CTX *ctx; /* OpenSSL message digest context */
- #ifdef WITH_THREAD
- PyThread_type_lock lock; /* OpenSSL context lock */
- #endif
-@@ -51,7 +57,6 @@ static PyTypeObject EVPtype;
-
- #define DEFINE_CONSTS_FOR_NEW(Name) \
- static PyObject *CONST_ ## Name ## _name_obj = NULL; \
-- static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \
- static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL;
-
- DEFINE_CONSTS_FOR_NEW(md5)
-@@ -64,19 +69,57 @@ DEFINE_CONSTS_FOR_NEW(sha512)
- #endif
-
-
-+/* LCOV_EXCL_START */
-+static PyObject *
-+_setException(PyObject *exc)
-+{
-+ unsigned long errcode;
-+ const char *lib, *func, *reason;
-+
-+ errcode = ERR_peek_last_error();
-+ if (!errcode) {
-+ PyErr_SetString(exc, "unknown reasons");
-+ return NULL;
-+ }
-+ ERR_clear_error();
-+
-+ lib = ERR_lib_error_string(errcode);
-+ func = ERR_func_error_string(errcode);
-+ reason = ERR_reason_error_string(errcode);
-+
-+ if (lib && func) {
-+ PyErr_Format(exc, "[%s: %s] %s", lib, func, reason);
-+ }
-+ else if (lib) {
-+ PyErr_Format(exc, "[%s] %s", lib, reason);
-+ }
-+ else {
-+ PyErr_SetString(exc, reason);
-+ }
-+ return NULL;
-+}
-+/* LCOV_EXCL_STOP */
-+
- static EVPobject *
- newEVPobject(PyObject *name)
- {
- EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype);
-+ if (retval == NULL) {
-+ return NULL;
-+ }
-+
-+ retval->ctx = EVP_MD_CTX_new();
-+ if (retval->ctx == NULL) {
-+ PyErr_NoMemory();
-+ return NULL;
-+ }
-
- /* save the name for .name to return */
-- if (retval != NULL) {
-- Py_INCREF(name);
-- retval->name = name;
-+ Py_INCREF(name);
-+ retval->name = name;
- #ifdef WITH_THREAD
-- retval->lock = NULL;
-+ retval->lock = NULL;
- #endif
-- }
-
- return retval;
- }
-@@ -91,7 +134,7 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len)
- process = MUNCH_SIZE;
- else
- process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int);
-- EVP_DigestUpdate(&self->ctx, (const void*)cp, process);
-+ EVP_DigestUpdate(self->ctx, (const void*)cp, process);
- len -= process;
- cp += process;
- }
-@@ -106,16 +149,19 @@ EVP_dealloc(EVPobject *self)
- if (self->lock != NULL)
- PyThread_free_lock(self->lock);
- #endif
-- EVP_MD_CTX_cleanup(&self->ctx);
-+ EVP_MD_CTX_free(self->ctx);
- Py_XDECREF(self->name);
- PyObject_Del(self);
- }
-
--static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self)
-+static int
-+locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self)
- {
-+ int result;
- ENTER_HASHLIB(self);
-- EVP_MD_CTX_copy(new_ctx_p, &self->ctx);
-+ result = EVP_MD_CTX_copy(new_ctx_p, self->ctx);
- LEAVE_HASHLIB(self);
-+ return result;
- }
-
- /* External methods for a hash object */
-@@ -131,7 +177,9 @@ EVP_copy(EVPobject *self, PyObject *unused)
- if ( (newobj = newEVPobject(self->name))==NULL)
- return NULL;
-
-- locked_EVP_MD_CTX_copy(&newobj->ctx, self);
-+ if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) {
-+ return _setException(PyExc_ValueError);
-+ }
- return (PyObject *)newobj;
- }
-
-@@ -142,16 +190,24 @@ static PyObject *
- EVP_digest(EVPobject *self, PyObject *unused)
- {
- unsigned char digest[EVP_MAX_MD_SIZE];
-- EVP_MD_CTX temp_ctx;
-+ EVP_MD_CTX *temp_ctx;
- PyObject *retval;
- unsigned int digest_size;
-
-- locked_EVP_MD_CTX_copy(&temp_ctx, self);
-- digest_size = EVP_MD_CTX_size(&temp_ctx);
-- EVP_DigestFinal(&temp_ctx, digest, NULL);
-+ temp_ctx = EVP_MD_CTX_new();
-+ if (temp_ctx == NULL) {
-+ PyErr_NoMemory();
-+ return NULL;
-+ }
-+
-+ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
-+ return _setException(PyExc_ValueError);
-+ }
-+ digest_size = EVP_MD_CTX_size(temp_ctx);
-+ EVP_DigestFinal(temp_ctx, digest, NULL);
-
- retval = PyBytes_FromStringAndSize((const char *)digest, digest_size);
-- EVP_MD_CTX_cleanup(&temp_ctx);
-+ EVP_MD_CTX_free(temp_ctx);
- return retval;
- }
-
-@@ -162,17 +218,25 @@ static PyObject *
- EVP_hexdigest(EVPobject *self, PyObject *unused)
- {
- unsigned char digest[EVP_MAX_MD_SIZE];
-- EVP_MD_CTX temp_ctx;
-+ EVP_MD_CTX *temp_ctx;
- PyObject *retval;
- char *hex_digest;
- unsigned int i, j, digest_size;
-
-+ temp_ctx = EVP_MD_CTX_new();
-+ if (temp_ctx == NULL) {
-+ PyErr_NoMemory();
-+ return NULL;
-+ }
-+
- /* Get the raw (binary) digest value */
-- locked_EVP_MD_CTX_copy(&temp_ctx, self);
-- digest_size = EVP_MD_CTX_size(&temp_ctx);
-- EVP_DigestFinal(&temp_ctx, digest, NULL);
-+ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
-+ return _setException(PyExc_ValueError);
-+ }
-+ digest_size = EVP_MD_CTX_size(temp_ctx);
-+ EVP_DigestFinal(temp_ctx, digest, NULL);
-
-- EVP_MD_CTX_cleanup(&temp_ctx);
-+ EVP_MD_CTX_free(temp_ctx);
-
- /* Allocate a new buffer */
- hex_digest = PyMem_Malloc(digest_size * 2 + 1);
-@@ -241,7 +305,7 @@ static PyObject *
- EVP_get_block_size(EVPobject *self, void *closure)
- {
- long block_size;
-- block_size = EVP_MD_CTX_block_size(&self->ctx);
-+ block_size = EVP_MD_CTX_block_size(self->ctx);
- return PyLong_FromLong(block_size);
- }
-
-@@ -249,7 +313,7 @@ static PyObject *
- EVP_get_digest_size(EVPobject *self, void *closure)
- {
- long size;
-- size = EVP_MD_CTX_size(&self->ctx);
-+ size = EVP_MD_CTX_size(self->ctx);
- return PyLong_FromLong(size);
- }
-
-@@ -310,7 +374,7 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
- PyBuffer_Release(&view);
- return -1;
- }
-- EVP_DigestInit(&self->ctx, digest);
-+ EVP_DigestInit(self->ctx, digest);
-
- self->name = name_obj;
- Py_INCREF(self->name);
-@@ -407,9 +471,9 @@ EVPnew(PyObject *name_obj,
- return NULL;
-
- if (initial_ctx) {
-- EVP_MD_CTX_copy(&self->ctx, initial_ctx);
-+ EVP_MD_CTX_copy(self->ctx, initial_ctx);
- } else {
-- EVP_DigestInit(&self->ctx, digest);
-+ EVP_DigestInit(self->ctx, digest);
- }
-
- if (cp && len) {
-@@ -475,6 +539,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
-
- #define PY_PBKDF2_HMAC 1
-
-+#if !HAS_FAST_PKCS5_PBKDF2_HMAC
- /* Improved implementation of PKCS5_PBKDF2_HMAC()
- *
- * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of
-@@ -556,37 +621,8 @@ PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen,
- HMAC_CTX_cleanup(&hctx_tpl);
- return 1;
- }
-+#endif
-
--/* LCOV_EXCL_START */
--static PyObject *
--_setException(PyObject *exc)
--{
-- unsigned long errcode;
-- const char *lib, *func, *reason;
--
-- errcode = ERR_peek_last_error();
-- if (!errcode) {
-- PyErr_SetString(exc, "unknown reasons");
-- return NULL;
-- }
-- ERR_clear_error();
--
-- lib = ERR_lib_error_string(errcode);
-- func = ERR_func_error_string(errcode);
-- reason = ERR_reason_error_string(errcode);
--
-- if (lib && func) {
-- PyErr_Format(exc, "[%s: %s] %s", lib, func, reason);
-- }
-- else if (lib) {
-- PyErr_Format(exc, "[%s] %s", lib, reason);
-- }
-- else {
-- PyErr_SetString(exc, reason);
-- }
-- return NULL;
--}
--/* LCOV_EXCL_STOP */
-
- PyDoc_STRVAR(pbkdf2_hmac__doc__,
- "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\
-@@ -668,10 +704,17 @@ pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict)
- key = PyBytes_AS_STRING(key_obj);
-
- Py_BEGIN_ALLOW_THREADS
-+#if HAS_FAST_PKCS5_PBKDF2_HMAC
-+ retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len,
-+ (unsigned char *)salt.buf, (int)salt.len,
-+ iterations, digest, dklen,
-+ (unsigned char *)key);
-+#else
- retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len,
- (unsigned char *)salt.buf, (int)salt.len,
- iterations, digest, dklen,
- (unsigned char *)key);
-+#endif
- Py_END_ALLOW_THREADS
-
- if (!retval) {
-@@ -790,7 +833,7 @@ generate_hash_name_list(void)
- if (CONST_ ## NAME ## _name_obj == NULL) { \
- CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \
- if (EVP_get_digestbyname(#NAME)) { \
-- CONST_new_ ## NAME ## _ctx_p = &CONST_new_ ## NAME ## _ctx; \
-+ CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \
- EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \
- } \
- } \
-diff --git a/Modules/_ssl.c b/Modules/_ssl.c
-index 0ff9d553e2..512e5f10ce 100644
---- a/Modules/_ssl.c
-+++ b/Modules/_ssl.c
-@@ -55,6 +55,14 @@ static PySocketModule_APIObject PySocketModule;
- #include <sys/poll.h>
- #endif
-
-+/* Don't warn about deprecated functions */
-+#ifdef __GNUC__
-+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-+#endif
-+#ifdef __clang__
-+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
-+#endif
-+
- /* Include OpenSSL header files */
- #include "openssl/rsa.h"
- #include "openssl/crypto.h"
-@@ -90,6 +98,10 @@ struct py_ssl_library_code {
- /* Include generated data (error codes) */
- #include "_ssl_data.h"
-
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
-+# define OPENSSL_VERSION_1_1 1
-+#endif
-+
- /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
- http://www.openssl.org/news/changelog.html
- */
-@@ -108,6 +120,80 @@ struct py_ssl_library_code {
- # define HAVE_SNI 0
- #endif
-
-+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
-+# define HAVE_ALPN
-+#endif
-+
-+#ifndef INVALID_SOCKET /* MS defines this */
-+#define INVALID_SOCKET (-1)
-+#endif
-+
-+#ifdef OPENSSL_VERSION_1_1
-+/* OpenSSL 1.1.0+ */
-+#ifndef OPENSSL_NO_SSL2
-+#define OPENSSL_NO_SSL2
-+#endif
-+#else /* OpenSSL < 1.1.0 */
-+#if defined(WITH_THREAD)
-+#define HAVE_OPENSSL_CRYPTO_LOCK
-+#endif
-+
-+#define TLS_method SSLv23_method
-+
-+static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
-+{
-+ return ne->set;
-+}
-+
-+#ifndef OPENSSL_NO_COMP
-+static int COMP_get_type(const COMP_METHOD *meth)
-+{
-+ return meth->type;
-+}
-+
-+static const char *COMP_get_name(const COMP_METHOD *meth)
-+{
-+ return meth->name;
-+}
-+#endif
-+
-+static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
-+{
-+ return ctx->default_passwd_callback;
-+}
-+
-+static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
-+{
-+ return ctx->default_passwd_callback_userdata;
-+}
-+
-+static int X509_OBJECT_get_type(X509_OBJECT *x)
-+{
-+ return x->type;
-+}
-+
-+static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x)
-+{
-+ return x->data.x509;
-+}
-+
-+static int BIO_up_ref(BIO *b)
-+{
-+ CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
-+ return 1;
-+}
-+
-+static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) {
-+ return store->objs;
-+}
-+
-+static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store)
-+{
-+ return store->param;
-+}
-+#endif /* OpenSSL < 1.1.0 or LibreSSL */
-+
-+
- enum py_ssl_error {
- /* these mirror ssl.h */
- PY_SSL_ERROR_NONE,
-@@ -138,7 +224,7 @@ enum py_ssl_cert_requirements {
- enum py_ssl_version {
- PY_SSL_VERSION_SSL2,
- PY_SSL_VERSION_SSL3=1,
-- PY_SSL_VERSION_SSL23,
-+ PY_SSL_VERSION_TLS,
- #if HAVE_TLSv1_2
- PY_SSL_VERSION_TLS1,
- PY_SSL_VERSION_TLS1_1,
-@@ -504,7 +590,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock,
- PySSL_BEGIN_ALLOW_THREADS
- self->ssl = SSL_new(ctx);
- PySSL_END_ALLOW_THREADS
-- SSL_set_app_data(self->ssl,self);
-+ SSL_set_app_data(self->ssl, self);
- SSL_set_fd(self->ssl, Py_SAFE_DOWNCAST(sock->sock_fd, SOCKET_T, int));
- mode = SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
- #ifdef SSL_MODE_AUTO_RETRY
-@@ -691,7 +777,7 @@ _create_tuple_for_X509_NAME (X509_NAME *xname)
-
- /* check to see if we've gotten to a new RDN */
- if (rdn_level >= 0) {
-- if (rdn_level != entry->set) {
-+ if (rdn_level != X509_NAME_ENTRY_set(entry)) {
- /* yes, new RDN */
- /* add old RDN to DN */
- rdnt = PyList_AsTuple(rdn);
-@@ -708,7 +794,7 @@ _create_tuple_for_X509_NAME (X509_NAME *xname)
- goto fail0;
- }
- }
-- rdn_level = entry->set;
-+ rdn_level = X509_NAME_ENTRY_set(entry);
-
- /* now add this attribute to the current RDN */
- name = X509_NAME_ENTRY_get_object(entry);
-@@ -811,18 +897,18 @@ _get_peer_alt_names (X509 *certificate) {
- goto fail;
- }
-
-- p = ext->value->data;
-+ p = X509_EXTENSION_get_data(ext)->data;
- if (method->it)
- names = (GENERAL_NAMES*)
- (ASN1_item_d2i(NULL,
- &p,
-- ext->value->length,
-+ X509_EXTENSION_get_data(ext)->length,
- ASN1_ITEM_ptr(method->it)));
- else
- names = (GENERAL_NAMES*)
- (method->d2i(NULL,
- &p,
-- ext->value->length));
-+ X509_EXTENSION_get_data(ext)->length));
-
- for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
- /* get a rendering of each name in the set of names */
-@@ -1033,13 +1119,11 @@ _get_crl_dp(X509 *certificate) {
- int i, j;
- PyObject *lst, *res = NULL;
-
--#if OPENSSL_VERSION_NUMBER < 0x10001000L
-- dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
--#else
-+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
- /* Calls x509v3_cache_extensions and sets up crldp */
- X509_check_ca(certificate);
-- dps = certificate->crldp;
- #endif
-+ dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
-
- if (dps == NULL)
- return Py_None;
-@@ -1431,9 +1515,9 @@ static PyObject *PySSL_compression(PySSLSocket *self) {
- if (self->ssl == NULL)
- Py_RETURN_NONE;
- comp_method = SSL_get_current_compression(self->ssl);
-- if (comp_method == NULL || comp_method->type == NID_undef)
-+ if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef)
- Py_RETURN_NONE;
-- short_name = OBJ_nid2sn(comp_method->type);
-+ short_name = COMP_get_name(comp_method);
- if (short_name == NULL)
- Py_RETURN_NONE;
- return PyUnicode_DecodeFSDefault(short_name);
-@@ -1981,7 +2065,7 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
- {
- char *kwlist[] = {"protocol", NULL};
- PySSLContext *self;
-- int proto_version = PY_SSL_VERSION_SSL23;
-+ int proto_version = PY_SSL_VERSION_TLS;
- long options;
- SSL_CTX *ctx = NULL;
-
-@@ -2007,8 +2091,8 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
- else if (proto_version == PY_SSL_VERSION_SSL2)
- ctx = SSL_CTX_new(SSLv2_method());
- #endif
-- else if (proto_version == PY_SSL_VERSION_SSL23)
-- ctx = SSL_CTX_new(SSLv23_method());
-+ else if (proto_version == PY_SSL_VERSION_TLS)
-+ ctx = SSL_CTX_new(TLS_method());
- else
- proto_version = -1;
- PySSL_END_ALLOW_THREADS
-@@ -2051,8 +2135,9 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
- #ifndef OPENSSL_NO_ECDH
- /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
- prime256v1 by default. This is Apache mod_ssl's initialization
-- policy, so we should be safe. */
--#if defined(SSL_CTX_set_ecdh_auto)
-+ policy, so we should be safe. OpenSSL 1.1 has it enabled by default.
-+ */
-+#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1)
- SSL_CTX_set_ecdh_auto(self->ctx, 1);
- #else
- {
-@@ -2263,10 +2348,12 @@ static PyObject *
- get_verify_flags(PySSLContext *self, void *c)
- {
- X509_STORE *store;
-+ X509_VERIFY_PARAM *param;
- unsigned long flags;
-
- store = SSL_CTX_get_cert_store(self->ctx);
-- flags = X509_VERIFY_PARAM_get_flags(store->param);
-+ param = X509_STORE_get0_param(store);
-+ flags = X509_VERIFY_PARAM_get_flags(param);
- return PyLong_FromUnsignedLong(flags);
- }
-
-@@ -2274,22 +2361,24 @@ static int
- set_verify_flags(PySSLContext *self, PyObject *arg, void *c)
- {
- X509_STORE *store;
-+ X509_VERIFY_PARAM *param;
- unsigned long new_flags, flags, set, clear;
-
- if (!PyArg_Parse(arg, "k", &new_flags))
- return -1;
- store = SSL_CTX_get_cert_store(self->ctx);
-- flags = X509_VERIFY_PARAM_get_flags(store->param);
-+ param = X509_STORE_get0_param(store);
-+ flags = X509_VERIFY_PARAM_get_flags(param);
- clear = flags & ~new_flags;
- set = ~flags & new_flags;
- if (clear) {
-- if (!X509_VERIFY_PARAM_clear_flags(store->param, clear)) {
-+ if (!X509_VERIFY_PARAM_clear_flags(param, clear)) {
- _setSSLError(NULL, 0, __FILE__, __LINE__);
- return -1;
- }
- }
- if (set) {
-- if (!X509_VERIFY_PARAM_set_flags(store->param, set)) {
-+ if (!X509_VERIFY_PARAM_set_flags(param, set)) {
- _setSSLError(NULL, 0, __FILE__, __LINE__);
- return -1;
- }
-@@ -2459,8 +2548,8 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
- char *kwlist[] = {"certfile", "keyfile", "password", NULL};
- PyObject *certfile, *keyfile = NULL, *password = NULL;
- PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL;
-- pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback;
-- void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata;
-+ pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx);
-+ void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx);
- _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 };
- int r;
-
-@@ -2591,8 +2680,9 @@ _add_ca_certs(PySSLContext *self, void *data, Py_ssize_t len,
- cert = d2i_X509_bio(biobuf, NULL);
- } else {
- cert = PEM_read_bio_X509(biobuf, NULL,
-- self->ctx->default_passwd_callback,
-- self->ctx->default_passwd_callback_userdata);
-+ SSL_CTX_get_default_passwd_cb(self->ctx),
-+ SSL_CTX_get_default_passwd_cb_userdata(self->ctx)
-+ );
- }
- if (cert == NULL) {
- break;
-@@ -3040,25 +3130,24 @@ static PyObject *
- cert_store_stats(PySSLContext *self)
- {
- X509_STORE *store;
-+ STACK_OF(X509_OBJECT) *objs;
- X509_OBJECT *obj;
-- int x509 = 0, crl = 0, pkey = 0, ca = 0, i;
-+ int x509 = 0, crl = 0, ca = 0, i;
-
- store = SSL_CTX_get_cert_store(self->ctx);
-- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) {
-- obj = sk_X509_OBJECT_value(store->objs, i);
-- switch (obj->type) {
-+ objs = X509_STORE_get0_objects(store);
-+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
-+ obj = sk_X509_OBJECT_value(objs, i);
-+ switch (X509_OBJECT_get_type(obj)) {
- case X509_LU_X509:
- x509++;
-- if (X509_check_ca(obj->data.x509)) {
-+ if (X509_check_ca(X509_OBJECT_get0_X509(obj))) {
- ca++;
- }
- break;
- case X509_LU_CRL:
- crl++;
- break;
-- case X509_LU_PKEY:
-- pkey++;
-- break;
- default:
- /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY.
- * As far as I can tell they are internal states and never
-@@ -3083,6 +3172,7 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds)
- {
- char *kwlist[] = {"binary_form", NULL};
- X509_STORE *store;
-+ STACK_OF(X509_OBJECT) *objs;
- PyObject *ci = NULL, *rlist = NULL;
- int i;
- int binary_mode = 0;
-@@ -3097,17 +3187,18 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds)
- }
-
- store = SSL_CTX_get_cert_store(self->ctx);
-- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) {
-+ objs = X509_STORE_get0_objects(store);
-+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
- X509_OBJECT *obj;
- X509 *cert;
-
-- obj = sk_X509_OBJECT_value(store->objs, i);
-- if (obj->type != X509_LU_X509) {
-+ obj = sk_X509_OBJECT_value(objs, i);
-+ if (X509_OBJECT_get_type(obj) != X509_LU_X509) {
- /* not a x509 cert */
- continue;
- }
- /* CA for any purpose */
-- cert = obj->data.x509;
-+ cert = X509_OBJECT_get0_X509(obj);
- if (!X509_check_ca(cert)) {
- continue;
- }
-@@ -3780,10 +3871,12 @@ static PyMethodDef PySSL_methods[] = {
- };
-
-
--#ifdef WITH_THREAD
-+#ifdef HAVE_OPENSSL_CRYPTO_LOCK
-
- /* an implementation of OpenSSL threading operations in terms
-- of the Python C thread library */
-+ * of the Python C thread library
-+ * Only used up to 1.0.2. OpenSSL 1.1.0+ has its own locking code.
-+ */
-
- static PyThread_type_lock *_ssl_locks = NULL;
-
-@@ -3864,7 +3957,7 @@ static int _setup_ssl_threads(void) {
- return 1;
- }
-
--#endif /* def HAVE_THREAD */
-+#endif /* HAVE_OPENSSL_CRYPTO_LOCK for WITH_THREAD && OpenSSL < 1.1.0 */
-
- PyDoc_STRVAR(module_doc,
- "Implementation module for SSL socket operations. See the socket module\n\
-@@ -3931,11 +4024,16 @@ PyInit__ssl(void)
- SSL_load_error_strings();
- SSL_library_init();
- #ifdef WITH_THREAD
-+#ifdef HAVE_OPENSSL_CRYPTO_LOCK
- /* note that this will start threading if not already started */
- if (!_setup_ssl_threads()) {
- return NULL;
- }
-+#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS)
-+ /* OpenSSL 1.1.0 builtin thread support is enabled */
-+ _ssl_locks_count++;
- #endif
-+#endif /* WITH_THREAD */
- OpenSSL_add_all_algorithms();
-
- /* Add symbols to module dict */
-@@ -4079,7 +4177,9 @@ PyInit__ssl(void)
- PY_SSL_VERSION_SSL3);
- #endif
- PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
-- PY_SSL_VERSION_SSL23);
-+ PY_SSL_VERSION_TLS);
-+ PyModule_AddIntConstant(m, "PROTOCOL_TLS",
-+ PY_SSL_VERSION_TLS);
- PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
- PY_SSL_VERSION_TLS1);
- #if HAVE_TLSv1_2
---
-2.24.0
-
diff --git a/dev-lang/python/files/python-3.4.5-cross.patch b/dev-lang/python/files/python-3.4.5-cross.patch
deleted file mode 100644
index 7a016ff..0000000
--- a/dev-lang/python/files/python-3.4.5-cross.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/Lib/distutils/command/build_ext.py
-+++ b/Lib/distutils/command/build_ext.py
-@@ -729,7 +729,7 @@
- if sysconfig.get_config_var('Py_ENABLE_SHARED'):
- pythonlib = 'python{}.{}{}'.format(
- sys.hexversion >> 24, (sys.hexversion >> 16) & 0xff,
-- sys.abiflags)
-+ sysconfig.get_config_var('ABIFLAGS'))
- return ext.libraries + [pythonlib]
- else:
- return ext.libraries
diff --git a/dev-lang/python/files/python-3.5.5-hash-unaligned.patch b/dev-lang/python/files/python-3.5.5-hash-unaligned.patch
deleted file mode 100644
index 7861bfb..0000000
--- a/dev-lang/python/files/python-3.5.5-hash-unaligned.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0d17e60b33aca1a4d151a8a2bd6eaa331f0ec658 Mon Sep 17 00:00:00 2001
-From: Rolf Eike Beer <eike@sf-mail.de>
-Date: Sun, 13 May 2018 04:40:03 -0700
-Subject: [PATCH] bpo-28055: Fix unaligned accesses in siphash24(). (GH-6123)
-
-The hash implementation casts the input pointer to uint64_t* and directly reads
-from this, which may cause unaligned accesses. Use memcpy() instead so this code
-will not crash with SIGBUS on sparc.
-
---- a/Python/pyhash.c 2017-11-29 10:21:20.283094068 +0100
-+++ b/Python/pyhash.c 2017-11-29 10:24:26.733087813 +0100
-@@ -372,7 +372,7 @@ siphash24(const void *src, Py_ssize_t sr
- PY_UINT64_T k0 = _le64toh(_Py_HashSecret.siphash.k0);
- PY_UINT64_T k1 = _le64toh(_Py_HashSecret.siphash.k1);
- PY_UINT64_T b = (PY_UINT64_T)src_sz << 56;
-- const PY_UINT64_T *in = (PY_UINT64_T*)src;
-+ const PY_UINT8_T *in = (PY_UINT8_T*)src;
-
- PY_UINT64_T v0 = k0 ^ 0x736f6d6570736575ULL;
- PY_UINT64_T v1 = k1 ^ 0x646f72616e646f6dULL;
-@@ -381,12 +381,14 @@ siphash24(const void *src, Py_ssize_t sr
-
- PY_UINT64_T t;
- PY_UINT8_T *pt;
-- PY_UINT8_T *m;
-+ const PY_UINT8_T *m;
-
- while (src_sz >= 8) {
-- PY_UINT64_T mi = _le64toh(*in);
-- in += 1;
-- src_sz -= 8;
-+ PY_UINT64_T mi;
-+ memcpy(&mi, in, sizeof(mi));
-+ mi = _le64toh(mi);
-+ in += sizeof(mi);
-+ src_sz -= sizeof(mi);
- v3 ^= mi;
- DOUBLE_ROUND(v0,v1,v2,v3);
- v0 ^= mi;
-@@ -394,7 +396,7 @@ siphash24(const void *src, Py_ssize_t sr
-
- t = 0;
- pt = (PY_UINT8_T *)&t;
-- m = (PY_UINT8_T *)in;
-+ m = in;
- switch (src_sz) {
- case 7: pt[6] = m[6];
- case 6: pt[5] = m[5];
diff --git a/dev-lang/python/python-3.4.10.ebuild b/dev-lang/python/python-3.4.10.ebuild
index 10d6002..69ebe37 100644
--- a/dev-lang/python/python-3.4.10.ebuild
+++ b/dev-lang/python/python-3.4.10.ebuild
@@ -1,85 +1,72 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI="5"
+EAPI="7"
WANT_LIBTOOL="none"
-inherit autotools eutils flag-o-matic multilib pax-utils python-utils-r1 toolchain-funcs multiprocessing
+inherit autotools flag-o-matic pax-utils python-utils-r1 toolchain-funcs
-MY_P="Python-${PV/_/}"
-PATCHSET_VERSION="3.4.6-0"
+MY_P="Python-${PV}"
+PYVER=$(ver_cut 1-2)
+PATCHSET="python-gentoo-patches-3.4.10"
DESCRIPTION="An interpreted, interactive, object-oriented programming language"
HOMEPAGE="https://www.python.org/"
-SRC_URI="https://www.python.org/ftp/python/${PV%_rc*}/${MY_P}.tar.xz
- https://dev.gentoo.org/~floppym/python/python-gentoo-patches-${PATCHSET_VERSION}.tar.xz"
+SRC_URI="https://www.python.org/ftp/python/${PV}/${MY_P}.tar.xz
+ https://dev.gentoo.org/~mgorny/dist/python/${PATCHSET}.tar.xz"
+S="${WORKDIR}/${MY_P}"
LICENSE="PSF-2"
-SLOT="3.4/3.4m"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
-IUSE="bluetooth build elibc_uclibc examples gdbm hardened ipv6 libressl +ncurses +readline sqlite +ssl +threads tk wininst +xml"
+SLOT="${PYVER}/${PYVER}m"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="bluetooth build examples gdbm hardened ipv6 libressl +ncurses +readline sqlite +ssl +threads tk wininst +xml"
# Do not add a dependency on dev-lang/python to this ebuild.
# If you need to apply a patch which requires python for bootstrapping, please
# run the bootstrap code on your dev box and include the results in the
# patchset. See bug 447752.
-RDEPEND="app-arch/bzip2:0=
- app-arch/xz-utils:0=
- >=sys-libs/zlib-1.1.3:0=
+RDEPEND="app-arch/bzip2:=
+ app-arch/xz-utils:=
+ >=sys-libs/zlib-1.1.3:=
virtual/libffi:=
virtual/libintl
- gdbm? ( sys-libs/gdbm:0=[berkdb] )
+ gdbm? ( sys-libs/gdbm:=[berkdb] )
ncurses? (
- >=sys-libs/ncurses-5.2:0=
- readline? ( >=sys-libs/readline-4.1:0= )
+ >=sys-libs/ncurses-5.2:=
+ readline? ( >=sys-libs/readline-4.1:= )
)
sqlite? ( >=dev-db/sqlite-3.3.8:3= )
ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
+ !libressl? ( dev-libs/openssl:= )
+ libressl? ( dev-libs/libressl:= )
)
tk? (
- >=dev-lang/tcl-8.0:0=
- >=dev-lang/tk-8.0:0=
- dev-tcltk/blt:0=
+ >=dev-lang/tcl-8.0:=
+ >=dev-lang/tk-8.0:=
+ dev-tcltk/blt:=
dev-tcltk/tix
)
- xml? ( >=dev-libs/expat-2.1:0= )
- !!<sys-apps/sandbox-2.6-r1"
+ xml? ( >=dev-libs/expat-2.1:= )"
# bluetooth requires headers from bluez
DEPEND="${RDEPEND}
bluetooth? ( net-wireless/bluez )
virtual/pkgconfig
- >=sys-devel/autoconf-2.65
!sys-devel/gcc[libffi(-)]"
RDEPEND+=" !build? ( app-misc/mime-types )"
PDEPEND=">=app-eselect/eselect-python-20140125-r1"
-S="${WORKDIR}/${MY_P}"
-
-PYVER=${SLOT%/*}
-
src_prepare() {
# Ensure that internal copies of expat, libffi and zlib are not used.
- rm -fr Modules/expat
- rm -fr Modules/_ctypes/libffi*
- rm -fr Modules/zlib
+ rm -fr Modules/expat || die
+ rm -fr Modules/_ctypes/libffi* || die
+ rm -fr Modules/zlib || die
- if tc-is-cross-compiler; then
- # Invokes BUILDPYTHON, which is built for the host arch
- local EPATCH_EXCLUDE="*_regenerate_platform-specific_modules.patch"
- fi
-
- EPATCH_SUFFIX="patch" epatch "${WORKDIR}/patches"
- epatch "${FILESDIR}/${PN}-3.4.3-ncurses-pkg-config.patch"
- epatch "${FILESDIR}/${PN}-3.4.5-cross.patch"
- epatch "${FILESDIR}/3.4-getentropy-linux.patch"
- epatch "${FILESDIR}/3.6-disable-nis.patch"
- epatch "${FILESDIR}/python-3.5.5-hash-unaligned.patch"
- epatch "${FILESDIR}/python-3.4.10-openssl11.patch"
+ local PATCHES=(
+ "${WORKDIR}/${PATCHSET}"
+ )
- epatch_user
+ default
sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" \
configure.ac \
@@ -100,13 +87,13 @@ src_configure() {
local disable
# disable automagic bluetooth headers detection
use bluetooth || export ac_cv_header_bluetooth_bluetooth_h=no
- use gdbm || disable+=" gdbm"
- use ncurses || disable+=" _curses _curses_panel"
- use readline || disable+=" readline"
- use sqlite || disable+=" _sqlite3"
- use ssl || export PYTHON_DISABLE_SSL="1"
- use tk || disable+=" _tkinter"
- use xml || disable+=" _elementtree pyexpat" # _elementtree uses pyexpat.
+ use gdbm || disable+=" gdbm"
+ use ncurses || disable+=" _curses _curses_panel"
+ use readline || disable+=" readline"
+ use sqlite || disable+=" _sqlite3"
+ use ssl || export PYTHON_DISABLE_SSL="1"
+ use tk || disable+=" _tkinter"
+ use xml || disable+=" _elementtree pyexpat" # _elementtree uses pyexpat.
export PYTHON_DISABLE_MODULES="${disable}"
if ! use xml; then
@@ -148,25 +135,23 @@ src_configure() {
dbmliborder+="${dbmliborder:+:}gdbm"
fi
- BUILD_DIR="${WORKDIR}/${CHOST}"
- mkdir -p "${BUILD_DIR}" || die
- cd "${BUILD_DIR}" || die
-
- ECONF_SOURCE="${S}" OPT="" \
- econf \
- --with-fpectl \
- --enable-shared \
- $(use_enable ipv6) \
- $(use_with threads) \
- --infodir='${prefix}/share/info' \
- --mandir='${prefix}/share/man' \
- --with-computed-gotos \
- --with-dbmliborder="${dbmliborder}" \
- --with-libc="" \
- --enable-loadable-sqlite-extensions \
- --with-system-expat \
- --with-system-ffi \
+ local myeconfargs=(
+ --with-fpectl
+ --enable-shared
+ $(use_enable ipv6)
+ $(use_with threads)
+ --infodir='${prefix}/share/info'
+ --mandir='${prefix}/share/man'
+ --with-computed-gotos
+ --with-dbmliborder="${dbmliborder}"
+ --with-libc=
+ --enable-loadable-sqlite-extensions
--without-ensurepip
+ --with-system-expat
+ --with-system-ffi
+ )
+
+ OPT="" econf "${myeconfargs[@]}"
if use threads && grep -q "#define POSIX_SEMAPHORES_NOT_ENABLED 1" pyconfig.h; then
eerror "configure has detected that the sem_open function is broken."
@@ -180,11 +165,6 @@ src_compile() {
# https://bugs.gentoo.org/594768
local -x LC_ALL=C
- # Avoid invoking pgen for cross-compiles.
- touch Include/graminit.h Python/graminit.c || die
-
- cd "${BUILD_DIR}" || die
-
emake CPPFLAGS= CFLAGS= LDFLAGS=
# Work around bug 329499. See also bug 413751 and 457194.
@@ -202,8 +182,6 @@ src_test() {
return
fi
- cd "${BUILD_DIR}" || die
-
# Skip failing tests.
local skipped_tests="gdb"
@@ -211,7 +189,11 @@ src_test() {
mv "${S}"/Lib/test/test_${test}.py "${T}"
done
+ # bug 660358
+ local -x COLUMNS=80
+
local -x PYTHONDONTWRITEBYTECODE=
+
emake test EXTRATESTOPTS="-u-network" CPPFLAGS= CFLAGS= LDFLAGS= < /dev/tty
local result=$?
@@ -236,23 +218,24 @@ src_test() {
src_install() {
local libdir=${ED}/usr/$(get_libdir)/python${PYVER}
- cd "${BUILD_DIR}" || die
-
emake DESTDIR="${D}" altinstall
+ # Remove static library
+ rm "${ED}"/usr/$(get_libdir)/libpython*.a || die
+
sed \
-e "s/\(CONFIGURE_LDFLAGS=\).*/\1/" \
-e "s/\(PY_LDFLAGS=\).*/\1/" \
-i "${libdir}/config-${PYVER}"*/Makefile || die "sed failed"
# Fix collisions between different slots of Python.
- rm -f "${ED}usr/$(get_libdir)/libpython3.so"
+ rm "${ED}/usr/$(get_libdir)/libpython3.so" || die
# Cheap hack to get version with ABIFLAGS
- local abiver=$(cd "${ED}usr/include"; echo python*)
+ local abiver=$(cd "${ED}/usr/include"; echo python*)
if [[ ${abiver} != python${PYVER} ]]; then
# Replace python3.X with a symlink to python3.Xm
- rm "${ED}usr/bin/python${PYVER}" || die
+ rm "${ED}/usr/bin/python${PYVER}" || die
dosym "${abiver}" "/usr/bin/python${PYVER}"
# Create python3.X-config symlink
dosym "${abiver}-config" "/usr/bin/python${PYVER}-config"
@@ -260,19 +243,18 @@ src_install() {
dosym "python-${PYVER}.pc" "/usr/$(get_libdir)/pkgconfig/${abiver/${PYVER}/-${PYVER}}.pc"
fi
- use elibc_uclibc && rm -fr "${libdir}/test"
- use sqlite || rm -fr "${libdir}/"{sqlite3,test/test_sqlite*}
- use tk || rm -fr "${ED}usr/bin/idle${PYVER}" "${libdir}/"{idlelib,tkinter,test/test_tk*}
+ use sqlite || rm -r "${libdir}/"{sqlite3,test/test_sqlite*} || die
+ use tk || rm -r "${ED}/usr/bin/idle${PYVER}" "${libdir}/"{idlelib,tkinter,test/test_tk*} || die
- use threads || rm -fr "${libdir}/multiprocessing"
- use wininst || rm -f "${libdir}/distutils/command/"wininst-*.exe
+ use threads || rm -r "${libdir}/multiprocessing" || die
+ use wininst || rm "${libdir}/distutils/command/"wininst-*.exe || die
- dodoc "${S}"/Misc/{ACKS,HISTORY,NEWS}
+ dodoc Misc/{ACKS,HISTORY,NEWS}
if use examples; then
- insinto /usr/share/doc/${PF}/examples
- find "${S}"/Tools -name __pycache__ -print0 | xargs -0 rm -fr
- doins -r "${S}"/Tools
+ docinto examples
+ find Tools -name __pycache__ -exec rm -fr {} + || die
+ dodoc -r Tools
fi
insinto /usr/share/gdb/auto-load/usr/$(get_libdir) #443510
local libname=$(printf 'e:\n\t@echo $(INSTSONAME)\ninclude Makefile\n' | \
@@ -284,7 +266,8 @@ src_install() {
sed \
-e "s:@PYDOC_PORT_VARIABLE@:PYDOC${PYVER/./_}_PORT:" \
-e "s:@PYDOC@:pydoc${PYVER}:" \
- -i "${ED}etc/conf.d/pydoc-${PYVER}" "${ED}etc/init.d/pydoc-${PYVER}" || die "sed failed"
+ -i "${ED}/etc/conf.d/pydoc-${PYVER}" \
+ "${ED}/etc/init.d/pydoc-${PYVER}" || die "sed failed"
# for python-exec
local vars=( EPYTHON PYTHON_SITEDIR PYTHON_SCRIPTDIR )
@@ -307,8 +290,7 @@ src_install() {
# python and pythonX
ln -s "../../../bin/${abiver}" \
"${D}${PYTHON_SCRIPTDIR}/python${pymajor}" || die
- ln -s "python${pymajor}" \
- "${D}${PYTHON_SCRIPTDIR}/python" || die
+ ln -s "python${pymajor}" "${D}${PYTHON_SCRIPTDIR}/python" || die
# python-config and pythonX-config
# note: we need to create a wrapper rather than symlinking it due
# to some random dirname(argv[0]) magic performed by python-config
@@ -340,11 +322,14 @@ pkg_preinst() {
}
eselect_python_update() {
- if [[ -z "$(eselect python show)" || ! -f "${EROOT}usr/bin/$(eselect python show)" ]]; then
+ if [[ -z "$(eselect python show)" || \
+ ! -f "${EROOT}/usr/bin/$(eselect python show)" ]]; then
eselect python update
fi
- if [[ -z "$(eselect python show --python${PV%%.*})" || ! -f "${EROOT}usr/bin/$(eselect python show --python${PV%%.*})" ]]; then
+ if [[ -z "$(eselect python show --python${PV%%.*})" || \
+ ! -f "${EROOT}/usr/bin/$(eselect python show --python${PV%%.*})" ]]
+ then
eselect python update --python${PV%%.*}
fi
}